METHOD, SYSTEM, AND APPARATUS FOR PATIENT 
CONTROLLED ACCESS OF MEDICAL RECORDS 

BACKGROUND 

Field of the Invention 

[0001] The present invention relates to the field of information administration 
and, more particularly, to user-specific information services. 

Description of the Related Art 

[0002] The storage and availability of different types of personal information is 
prompting increased privacy concerns. Users have a need to collect and store their 
personal information while also having ready access to the information. One of the 
manners in which information may be stored and retrieved more easily is through the use 
of electronic storage media. Users can store information such as bank records, medical 
records, credit card information, and the like on media. Unless the media is available to 
be accessed from different locations, however, the users must either carry the media with 
them or must permit access to the media from different locations. The latter situation 
results in concerns by the users that their personal information will not remain private and 
can be accessed without their permission. 

[0003] This concern is especially true for medical records. Patient records need to be 
available for reference at their current doctors' offices, at any hospital where a patient is 
admitted or goes for outpatient treatment, and, for some limited purposes, at health 
insurance companies. At the current time, copies of private medical information are 
commonly scattered over different locations. In many of these instances, critical 
documents or images in hardcopies might even be lost, unavailable, or temporarily 
misplaced. 

[0004] In all instances, doctors, hospitals, and health insurance employees all have to 
be trusted to have adequate computer and physical security over this medical information. 
Additionally, records may remain in the possession of particular doctors long after a 
patient has changed doctors and/or insurance companies, with no real need or incentive 
for those doctors or companies to provide access, maintain the confidentiality of this 
information, or ensure its security. The end result is that patients currently have no 
control over enabling and limiting access to their private medical information. 
[0005] Currently, there is only limited physical security for many paper records at 
doctors' offices. For computer records, there are no guarantees, and limited regulatory 
requirements mandating that these records be kept secure from unauthorized personnel 
and/or hackers. Further, as many people have illnesses or conditions that they wish to 
remain private, this lack of security may result in exclusion from a job, affordable 
insurance, or embarrassing circumstances for these individuals should their private 
medical information become accessed by someone without the individual's permission. 
[0006] Accordingly, it would be beneficial to provide a system and method that 
would permit a patient to access their own medical records. It would also be beneficial to 
provide a system and method that would permit a patient to control who could view their 
medical records as well as how such persons or entities would be able to view such 
information. It would also be beneficial to provide a system and method that would 
increase security over a patient's medical records consistent with local government 
regulations such as the Health Insurance Portability and Accountability Act in the United 
States. 
SUMMARY OF THE INVENTION 
[0007] The present invention provides a method, system, and apparatus for permitting 
a patient to have controlled access to their medical records. More specifically, the 
present invention is capable of permitting a patient to access their own medical records 
from any location such that they are available even if the patient is away from their home. 
The present invention would also be capable of increasing the level of security a patient 
had over their medical records and enabling a patient to control those persons with whom 
access was granted to view these records. 

[0008] In general, the present invention provides a method of permitting controlled 
access to medical records wherein a repository or storage server is first established. The 
repository would include each patient's records and would store them using a data storage 
device. The repository may be a central repository or a plurality of regional repositories. 
The repository may be connected to a network through a secure mechanism. As a result, 
any of a number of different persons and/or institutions may be granted access to the 
repository by the patient including, but not limited to, insurance companies, hospitals, 
research institutions, pharmacies, laboratories, and physicians. Authorization to access 
the repository may be through the use of a card and/or PIN for each of these persons 
and/or institutions, and some access may be limited in scope to only those records 
necessary for that particular person and/or institution. 

[0009] In one embodiment, the present invention provides a method for permitting 
controlled access to medical records involving the steps of establishing a storage means 
for containing medical information, establishing a means for accessing the medical 
information, and controlling the means for accessing the medical information. Access to 
the medical information can be controlled according to a type or assigned role of the 
entity accessing the medical information, wherein access is limited according to the type 
or role of the entity. 

[0010] In another embodiment, the present invention provides a machine-readable 
storage having stored thereon, a computer program having a plurality of code sections, 
said code sections executable by a machine for causing the machine to perform the steps 
of establishing a storage means for containing medical information, establishing a means 
for accessing the medical information, and controlling the means for accessing the 
medical information. Access to the medical information can be controlled according to a 
type or an assigned role of the entity accessing the medical information, wherein access is 
limited according to the type or role of the entity. 

[0011] In yet another embodiment, the present invention provides a system for 
permitting controlled access to medical records including storage means for containing 
medical information, means for accessing the medical information, and means for 
controlling the means for accessing the medical information. Access to the medical 
information can be controlled according to a type or assigned role of the entity accessing 
the medical information, wherein access is limited according to the type or role of the 
entity. 
BRIEF DESCRIPTION OF THE DRAWINGS 
[0012] There are shown in the drawings, embodiments which are presently preferred, 
it being understood, however, that the invention is not limited to the precise arrangements 
and instrumentalities shown. 

[0013] FIG. 1 is a schematic diagram illustrating one embodiment of a system for 
permitting controlled access to medical records in accordance with the inventive 
arrangements disclosed herein. 
DETAILED DESCRIPTION OF THE INVENTION 
[0014] The present invention provides a method, system, and apparatus for permitting 
controlled access to personal information including, but not limited to, medical records. 
More specifically, the present invention provides a storage location for personal 
information that stores the information securely and only provides the information to 
authorized persons to whom the patient has given authority to view and/or use the 
information, or a subset of the information. 

[0015] In one embodiment, patients can specify which person or entity may access 
one's medical information, which portions of the medical information such persons can 
access, as well as how such information can be viewed. These determinations can be 
based upon the role or type of entity accessing the information. For example, a research 
institution can be provided with different aspects of a person's medical information than a 
doctor. By differentiating access based upon the accessing party's role, anonymous 
information, for instance, can be provided to a researcher, while a patient's full medical 
information can be provided to a personal physician. As such, the present invention gives 
maximum control to the patient and/or eliminates static and potentially out-of-date copies 
of information from being spread around potentially hundreds of locations. 
[0016] The present invention permits a patient to access their medical information 
from any location by establishing a central or distributed repository to which a patient 
may have their personal information sent and maintained. The main purpose of the 
repository would be to securely store the medical information and permit only authorized 
access to the information. The patient would have complete control over the information 
and those individuals who would be capable of accessing the information. In an 
emergency situation, however, the present invention contemplates that precertified 
emergency care providers would be able to override the access limitations to obtain 
necessary medical information in a manner that would remain highly secure. 
[0017] In one embodiment, the present invention can utilize a central data repository 
or a series of repositories that are used to store medical information. A patient would 
supply their medical information to the repository and request providers to do the same. 
Each patient would have a universally unique patient identifier. The identifier may be 
any identifier, such as an alphanumeric sequence, that may then be used to tag each 
record of the patient's medical information. In another embodiment, the identifier may be 
recorded on a card with a magnetic strip or on a smart card having a radio frequency 
identification (RFID) tag with the number stored therein. Still, any of a variety of 
portable and/or personal storage devices may be used to record such information. In an 
alternative, more secure embodiment, a smart card or hardware token, such as the RSA 
SecurID 6100 USB Token, could be used to provide secure mobile patient credentials, or 
any active security measure could be used, including biometrics, private keys held on the 
device, and the like. 

[0018] In any case, the card may be associated with a secret personal identification 
number (PIN) that is used to control access. The PIN may be a number or may include 
letters. The PIN may be randomly generated and assigned to the patient or may be 
specifically chosen by the patient. The PIN may be used to further increase the security 
over the patient's medical information by ensuring that an unauthorized person could not 
access medical information simply by using a card. 

[0019] In alternative embodiments, a patient may obtain additional cards that may be 
given to family members. As such, in an emergency situation and/or when the patient is 
not able to access the information themselves, the family member may access the 
patient's information with the card and, in select embodiments, their own PIN. The PIN 
may be the patient's PIN or a different PIN. Each provider would be issued their own 
card and PIN, which permits the system to record which person accessed the patient's 
medical information, what information was accessed by that person, and limits access to 
specific content as directed by the patient. 
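The card-and-PIN check described in paragraphs [0018] and [0019] can be implemented as follows. This is an added example written for this page, not code from the specification; it assumes that the repository stores each PIN only as a salted PBKDF2 hash, that a card is locked after a fixed number of wrong PINs, and that the card identifier is an opaque string. None of these details appear in the specification, and the card records are constructed sample data.

```python
"""Card-plus-PIN verification for the repository login step.

Added example, not the specification's own code.  Assumptions: PINs are
stored only as salted PBKDF2 hashes, failures are counted per card and the
card locks after MAX_ATTEMPTS, and card identifiers are opaque strings.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_ATTEMPTS = 5
PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = b"\x00" * 16   # used so unknown cards cost the same as wrong PINs


@dataclass
class CardRecord:
    card_id: str        # identifier stored on the magnetic strip or smart card
    patient_id: str     # universally unique patient identifier
    salt: bytes
    pin_hash: bytes
    failures: int = 0
    locked: bool = False


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Slow, salted hash: PINs are short, so the work factor is what makes a
    # stolen table of hashes expensive to reverse.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def enroll(card_id: str, patient_id: str, pin: str) -> CardRecord:
    salt = os.urandom(16)
    return CardRecord(card_id, patient_id, salt, hash_pin(pin, salt))


def verify(cards: dict, card_id: str, pin: str):
    """Return the patient identifier on success, None otherwise.

    Possession of the card alone never grants access ([0018]); the PIN must
    match.  An unknown card, a locked card and a wrong PIN all yield None, so
    a caller cannot tell them apart.
    """
    rec = cards.get(card_id)
    if rec is None:
        hash_pin(pin, _DUMMY_SALT)      # equalise timing for unknown cards
        return None
    if rec.locked:
        return None
    if hmac.compare_digest(hash_pin(pin, rec.salt), rec.pin_hash):
        rec.failures = 0
        return rec.patient_id
    rec.failures += 1
    if rec.failures >= MAX_ATTEMPTS:
        rec.locked = True               # re-issue or unlock out of band
    return None


def build_sample_cards() -> dict:
    # Constructed sample data: the patient's own card and a family member's
    # card that maps to the same patient but carries its own PIN ([0019]).
    cards = {}
    for card_id, patient_id, pin in [
        ("card-0001", "patient-7f3a", "4821"),
        ("card-0002", "patient-7f3a", "9035"),
    ]:
        cards[card_id] = enroll(card_id, patient_id, pin)
    return cards
```

The lockout counter lives with the card, not the patient, so a family member's card being locked does not lock the patient out of their own records.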

[0020] Accordingly, when a patient desires to access their records, they may do so by 
providing their unique patient identifier, card, and/or PIN to the repository. At that time, 
the patient has secure access to their records regardless of the location of the patient at 
any given time. 

[0021] If the patient wishes to grant access to others, this may be accomplished using 
a variety of different procedures that safeguard the patient and the patient's information. 
In one such example, such as when visiting a physician or hospital, the patient would be 
able to grant access to the physician or hospital by authorizing the physician or hospital 
to access the patient's records. The doctor's office or hospital would have a reader for 
reading the patient's card. The reader may be capable of reading magnetic strips, RFID 
tags, or smart cards, with or without active security features based on biometrics and the 
like. In select embodiments, RFID-enabled smart cards are preferred over magnetic strips: 
a magnetic strip stores its contents in the clear and is easily copied, whereas a smart 
card can hold a key and authenticate cryptographically to the reader, which is generally 
more difficult to compromise. The reader would be specific to the type of media chosen 
for deployment. 

[0022] Accordingly, once in the physician's office or hospital, the patient would use 
their card to identify themselves to the repository Web site. The link to the site may be 
secured by known means, including, but not limited to, a secure sockets layer (SSL) 
connection, public/private key encryption, or through a virtual private network (VPN). 
The card and/or PIN would identify the patient to the repository. A cookie or other 
identifier on a workstation at the physician's office could be used to identify the 
physician's office and permit the patient to quickly navigate to the correct physician and 
grant that physician access. Such a workstation identifier serves only as a navigation 
hint; the grant itself is still made by the authenticated patient. 

[0023] In one embodiment, while the patient is connected, a list of current accessors 
would also be visible or available to be viewed. The patient could then remove one or 
more access permissions from their profile on the system thereby keeping the system up 
to date and/or increasing the security of the patient's information. For example, as access 
can be granted to parties based upon that party's assigned role, the patient can change the 
role of an accessor thereby discontinuing that party's privileges. For instance, the role of 
a physician can be changed from "current medical provider" where the physician has 
unfettered access to the patient's medical information, to "past medical provider", where 
the physician has limited or no access to the patient's medical information. Any such 
changes can alter the access granted to the accessing party including, but not limited to, 
which items of medical information are available to the accessor, how that information 
will be viewed, as well as whether the accessor will continue to have access to the 
patient's medical information at all. 
[0024] Permitting a physician to have a card and/or PIN would allow the physician to 
access the patient's records at other times besides those instances when the patient is in 
the physician's office. For example, the physician would use a single card or mechanism 
to access medical information for each of that physician's patients. Each patient, being 
the administrator of his or her own information, would grant the physician access to his 
or her medical information. The physician, being registered with the present invention 
and having a PIN and providing that PIN to the system, would then be granted access to 
the medical information of each patient that granted the physician access. 
[0025] In one embodiment, the present invention can be configured to require that a 
PIN be re-entered after a short time out period or period of inactivity, but would be long 
enough to permit a doctor to see patients in the same office without having to continually 
re-enter the PIN during the patient's visit. To expedite the process of accessing and 
retrieving a patient's records, a patient's card could be scanned upon entry to the 
physician's examination room. This would only provide an automated means to identify 
the patient and retrieve the records. After a patient has given a physician access, the 
physician may navigate to the patient's records at any time. These records would not be 
visible, however, until the physician enters the room and scans the physician's card 
(providing that a timeout has not occurred which would require the patient to re-enter the 
patient's PIN). 

[0026] In an alternative embodiment, the action of the physician scanning the 
physician's card could also deactivate the view of any prior terminal that the physician 
was viewing in another room, thereby increasing the security of the prior patient's 
records. In another alternative embodiment, the physician's access could be through a 
wireless device over a secure fabric that would pull records from an active transient copy 
located on the physician's office server. 
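The session behaviour of paragraphs [0025] and [0026], that is, the inactivity timeout after which the PIN must be re-entered and the rule that scanning the physician's card at a new terminal ends the view on the previous one, can be captured in a small session manager. This is an added example and not code from the specification; it assumes one session per physician keyed by physician identifier, a configurable INACTIVITY_TIMEOUT, and a clock passed in by the caller so the logic can be exercised without waiting.

```python
"""Physician session handling for the examination-room workflow.

Added example, not the specification's code.  Assumptions: one session per
physician, identified by the terminal it is currently bound to; the clock is
supplied by the caller as seconds; INACTIVITY_TIMEOUT is a deployment
setting chosen to cover a run of patient visits in one office.
"""
from dataclasses import dataclass

INACTIVITY_TIMEOUT = 15 * 60   # seconds before the PIN must be re-entered


@dataclass
class Session:
    physician_id: str
    terminal_id: str
    last_activity: float


class SessionManager:
    def __init__(self):
        self._sessions = {}    # physician_id -> Session

    def open(self, physician_id: str, terminal_id: str, now: float) -> Session:
        """Called only after the physician's card and PIN have been verified."""
        s = Session(physician_id, terminal_id, now)
        self._sessions[physician_id] = s
        return s

    def scan_card(self, physician_id: str, terminal_id: str, now: float) -> str:
        """Physician scans their card at a terminal ([0025]).

        Returns "pin_required" when there is no live session (none opened, or
        the inactivity window elapsed) and "ok" when the existing session is
        moved to this terminal.  Moving it is what ends the view on the
        previous terminal ([0026]): may_view() checks the bound terminal.
        """
        s = self._sessions.get(physician_id)
        if s is None or now - s.last_activity > INACTIVITY_TIMEOUT:
            self._sessions.pop(physician_id, None)
            return "pin_required"
        s.terminal_id = terminal_id
        s.last_activity = now
        return "ok"

    def may_view(self, physician_id: str, terminal_id: str, now: float) -> bool:
        """Records are shown only on the terminal the session is bound to and
        only while the session is inside the inactivity window."""
        s = self._sessions.get(physician_id)
        if s is None or s.terminal_id != terminal_id:
            return False
        if now - s.last_activity > INACTIVITY_TIMEOUT:
            del self._sessions[physician_id]
            return False
        s.last_activity = now
        return True
```

Binding the session to a single terminal means a display left unattended in the previous room goes blank as soon as the physician authenticates elsewhere, without relying on that room's workstation to notice on its own.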

[0027] In some instances, the physician's staff may need to view a patient's records 
for some limited information. Such can be the case with respect to patient's test results. 
Still, this limited information may include, but is not limited to, verification that the 
patient is still covered by insurance, whether the patient's insurance provider has 
changed, whether the physician still has access to the patient's records, and/or whether the 
patient's insurance will cover a particular treatment and, if so, to what extent. As such, in 
another embodiment of the present invention, limited access may be granted by using a 
separate card and/or PIN that would provide limited access only from a specific office 
and only for patients that are associated with that office. A physician and/or the patient 
would be able to assign and/or delete this manner of limited access. 
[0028] For example, a role of medical office worker can be created which allows a 
person with such a designation to access limited medical information that may be 
necessary for processing bills and claims. Patients can authorize a physician or 
physician's office. The physician, or office, in turn, can associate one or more office 
workers with this role such that when a patient authorizes a particular physician or office, 
that physician's office workers are provided limited access to the patient's medical 
information as defined by the role "medical office worker". 

[0029] The system and method of the present invention may also be used to grant 
insurance companies with access to the patient's medical information to give these 
companies a paperless connection to the physician and patient files. In those 
embodiments where an insurance company is granted permission, the patient would be 
the person who would add or delete access to the patient's medical information. The 
access could be granted to one or more insurance companies and could be removed from 
those companies with whom the patient no longer has a relationship. Insurance company 
access could be limited as to the type of information that could be accessed. For 
example, only information essential for servicing claims, such as a procedure, a reference 
number, and provider information would be transferred to the insurance company. The 
reference numbers and procedures could then be correlated to a patient by the insurance 
company. A statement of this type of transfer could be associated with the reference 
number. Correlation to a particular patient's name could be set up as requiring additional 
authorization. 

[0030] In alternative embodiments, prescriptions could be recorded into the 
repository and could be pre-authorized by the insurance company and processed by a 
pharmacist that is selected by the patient and recorded in the system. A patient's card 
could also be used for identification at the pharmacy for collection of the medicine. 
[0031] In further embodiments, the present invention may include additional roles 
specifying the manner in which limited access may be granted. For example, a laboratory 
that is performing tests may be able to access the system as needed for information 
relevant to the tests performed. Using the lab's card and/or PIN would enable the patient 
to keep track of who had accessed the patient's information. 

[0032] In yet another embodiment, a role can be created for research institutes. 
Patients can specify whether entities assigned such roles, or particular research entities 
for that matter, can access the patient's medical information. Accordingly, research 
institutes, using their own card and/or PIN, can access and/or search the repository to 
view medical information for those patients that chose to make medical information 
available to research institutes. 

[0033] For example, such a system would allow a research institute to search for and 
obtain information regarding people with certain conditions. That information can be 
provided, however, in an anonymous fashion without information that identifies the 
patient and in a manner that is consistent with local government regulations and the 
patient's personal preferences. This would enable the research institute to find suitable 
subjects while maintaining anonymity and giving the patient ultimate control over 
whether his or her information was used by such entities. The patient may also be 
compensated for permitting some of their information to be available and used by the 
research institution. Again, although the patient can be compensated, for example 
through the present invention, the research institute need not be aware of the identity of 
the person having provided access to medical information. 

[0034] In an alternative embodiment, the present invention may also include a 
failsafe provision in the event that a patient is physically or mentally unable to obtain 
medical information in an emergency situation. In this instance, the system and method 
may be designed to include emergency protocols such that a hospital or physician that has 
been registered as an emergency care provider, in an emergency situation, could access 
the system and obtain medical information about the patient by using a security override 
procedure. A patient may be given the option to opt out of the emergency override 
access, or designate only a subset of their medical information to be provided in these 
cases. In these instances, the system could be set up to record the identity and location of 
the person accessing the information using such an emergency override feature, the 
reason for the override, and the records that were accessed in order to prevent abuses. 
[0035] In another embodiment of the present invention, the system and method may 
include an option whereby the patient is notified whenever their medical information is 
accessed. As such, the patient may keep track of who accesses the system, what was 
accessed, and when, thereby further ensuring the security of the patient's medical 
information. The patient may be notified by any suitable means including, but not 
limited to, fax, email, text messaging, automated or manual phone calls, and the like. 
[0036] The present invention provides a system and apparatus for permitting 
controlled access to medical records. The present invention can also include a method of 
providing the service of controlling access to medical records for individuals. As noted, 
individuals would subscribe to the service and grant or revoke access to specific users or 
groups of users with specific roles. 

[0037] Thus, a patient can register with the system and log on from time to time to 
add entities to the patient's profile. Such entities can be registered with the system and 
have an assigned role. This role can be used by the system to determine the type of 
access rights afforded to that entity when added to a profile by a patient. Still, a patient 
may alter any such roles as may be required. 

[0038] When an accessing party attempts to access the medical information of a 
particular patient, the PIN or identifier assigned to the accessing party can be compared 
with the patient's profile to determine what, if any, access rights have been afforded to 
that party. The patient's medical information can be provided to the accessing party as 
determined by the role specified in the patient's profile. 
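The access decision of paragraphs [0037] and [0038], together with the role change of [0023], the office-worker role derived from a physician authorization in [0028], the claims-only view for insurers in [0029], the de-identified research access of [0033], and the logged emergency override with patient opt-out of [0034], can be expressed as one policy routine. This is an added example, not code from the specification. It assumes a record is a flat dictionary of named fields, that the fields each role may receive are a fixed policy table, that registered emergency care providers are listed in a set, and that every decision is appended to an audit log from which the notifications of [0035] could be sent; the record and identifiers are constructed sample data.

```python
"""Role-based release of a patient's records with audit logging.

Added example, not the specification's code.  Assumptions: flat dict
records, a fixed role-to-fields policy, a registry of emergency providers,
and an audit list per patient profile.  All data below is constructed.
"""
from dataclasses import dataclass, field

# Policy table: fields each role may receive ("*" = every field).
ROLE_FIELDS = {
    "current medical provider": {"*"},
    "past medical provider": set(),                 # role change revokes access
    "medical office worker": {"insurer", "coverage_status"},
    "insurance company": {"procedure", "reference_number", "provider"},
    "research institute": {"condition", "age_band"},
    "emergency care provider": {"allergies", "medications", "condition"},
}
IDENTIFYING = {"name", "patient_id", "address", "date_of_birth"}
EMERGENCY_PROVIDERS = {"hospital-er-1"}             # constructed registry


@dataclass
class PatientProfile:
    patient_id: str
    grants: dict = field(default_factory=dict)        # accessor -> role
    office_staff: dict = field(default_factory=dict)  # physician -> {staff}
    emergency_opt_out: bool = False
    audit: list = field(default_factory=list)

    def grant(self, accessor: str, role: str) -> None:
        if role not in ROLE_FIELDS:
            raise ValueError(f"unknown role {role!r}")
        self.grants[accessor] = role

    def revoke(self, accessor: str) -> None:
        self.grants.pop(accessor, None)

    def role_of(self, accessor: str):
        """Direct grant, or the office-worker role inherited through a
        physician the patient currently authorizes ([0028])."""
        if accessor in self.grants:
            return self.grants[accessor]
        for physician, staff in self.office_staff.items():
            if accessor in staff and \
                    self.grants.get(physician) == "current medical provider":
                return "medical office worker"
        return None


def release(profile: PatientProfile, record: dict, accessor: str,
            emergency: bool = False, reason: str = "") -> dict:
    """Return the subset of `record` that `accessor` may see and log it."""
    role = profile.role_of(accessor)
    if (role is None and emergency and accessor in EMERGENCY_PROVIDERS
            and not profile.emergency_opt_out):
        role = "emergency care provider"          # override path of [0034]
    if role is None:
        profile.audit.append((accessor, None, "denied", reason))
        return {}
    allowed = ROLE_FIELDS[role]
    out = dict(record) if "*" in allowed else \
        {k: v for k, v in record.items() if k in allowed}
    if role == "research institute":
        # Defence in depth: identifying fields never leave for research,
        # even if the policy table above is later edited ([0033]).
        out = {k: v for k, v in out.items() if k not in IDENTIFYING}
    profile.audit.append((accessor, role, sorted(out), reason))
    return out


def sample_record() -> dict:
    # Constructed sample data, not real patient information.
    return {"patient_id": "patient-7f3a", "name": "A. Example",
            "date_of_birth": "1970-01-01", "condition": "asthma",
            "age_band": "50-59", "allergies": ["penicillin"],
            "medications": ["salbutamol"], "procedure": "spirometry",
            "reference_number": "ref-2201", "provider": "dr-1",
            "insurer": "ins-9", "coverage_status": "active"}
```

The audit tuple records who accessed the record, under which role, which fields were released and, for an override, the stated reason, which is the information [0034] and [0035] say should be kept and sent to the patient. Demoting a physician to "past medical provider" also cuts off the office workers who only had access through that physician.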

[0039] Figure 1 is a schematic diagram illustrating one embodiment of a system 100 
of permitting controlled access to medical records according to one embodiment of the 
present invention. In the system 100, a repository or storage server 105 may be 
established. The repository 105 would include each patient's records and would store 
them within a data store 110, such as a data tape storage, hard disk, or the like. The 
repository 105 would be connected to a network 115 through a secure means, such as an 
SSL connection, using encryption, or through a VPN. At that point, any of a number of 
different persons and/or institutions may be granted access to the repository 105 by the 
patient 150. These persons and/or institutions may include, but are not limited to, an 
insurance company 120, a hospital 125, a research institution 130, a pharmacy 135, a 
laboratory 140, a physician 145, as well as the patient 150 from wherever the patient 150 
is located. 

[0040] As discussed, the authorization to access the repository 105 may be through 
the use of a card and/or PIN for each of these persons and/or institutions, and some 
access may be limited in scope to only those records necessary for that particular person 
and/or institution. As noted, access rights can be specified by one or more roles assigned 
to each accessor, which may or may not be customized by the owner of the medical 
information. In addition, in the event of an emergency, an emergency service provider 
155, such as a physician, hospital or emergency medical technician, may be able to 
override the system to obtain necessary medical information. 

[0041] The present invention may be realized in hardware, software, or a 
combination of hardware and software. The present invention may be realized in a 
centralized fashion in one computer system, or in a distributed fashion where different 
elements are spread across several interconnected computer systems. Any kind of 
computer system or other apparatus adapted for carrying out the methods described 
herein is suited. A typical combination of hardware and software may be a general 
purpose computer system with a computer program that, when being loaded and 
executed, controls the computer system such that it carries out the methods described 
herein. 

[0042] The present invention also may be embedded in a computer program product, 
which comprises all the features enabling the implementation of the methods described 
herein, and which when loaded in a computer system is able to carry out these methods. 
Computer program in the present context means any expression, in any language, code or 
notation, of a set of instructions intended to cause a system having an information 
processing capability to perform a particular function either directly or after either or both 
of the following: a) conversion to another language, code or notation; b) reproduction in 
a different material form. 

[0043] This invention may be embodied in other forms without departing from the 
spirit or essential attributes thereof. Accordingly, reference should be made to the 
following claims, rather than to the foregoing specification, as indicating the scope of the 
invention. 